More Data Leaks as part of OpOlympicHacking

In our recent whitepaper, we demonstrated eight cybersecurity considerations around Rio 2016. The paper lays out hacktivism and cybercrime threats that organizations can expect to see throughout the competition. Since we published the paper, we’ve observed further activity as part of OpOlympicHacking.

Last week, a post was added to Pastebin, which included entries from a database table alleged to have been breached from the website of a consulting firm based in Sao Paolo, Brazil that specializes in international trade, government affairs and investment projects.

The post also contained a link to a Twitter account associated with the hacktivist campaign OpOlympicHacking, though there was no announcement on this account that the company had been targeted.

The exposed data appeared to consist of eight sets of usernames and corresponding clear text passwords. Online searches did not indicate that the data had been posted to publicly available sources prior to the post being made. While we could not confirm whether the credentials alleged to have been stolen from this website were genuine, some of the emails appeared to be legitimate due to some of them appearing on the respective company websites and social media profiles.

The source of the data or how it was acquired was not confirmed; however, if a compromise did take place, we assess there to be a realistic possibility it was obtained as a result of an SQL injection attack. This is based on the appearance of database table names in the Pastebin post and the frequent use of SQL injection tools by hacktivist actors. The targeting of this organization was assessed as consistent with previous activity associated with this campaign.

This is not a new tactic. Back in February, as part of OpOlympicHacking, we detected claims of successful data leakage, in one instance against a multinational energy corporation that has been embroiled in multiple corruption scandals in Brazil, as well as claims of successful distributed denial of service attacks. This appears to be a continuation of this trend and, with under a week to go until the opening ceremony, hit is highly likely that further targeting as part of this campaign will be conducted in the near future.